Principal Cloud Security Engineer

About The Position

Requirements

• Education and Experience in IT and Cybersecurity
• 12+ years of experience in scripting languages (e.g., Bash, PowerShell, Python) and configuration management/infrastructure as code tools (e.g., Puppet, Ansible, Terraform).
• Bachelor's degree or equivalent years of work experience (16+ years of total work experience)
• Cloud Security and Architecture Expertise
• Proven experience in cloud security architecture, design, and implementation across major cloud platforms (AWS, Azure, Google Cloud).
• Hands-on experience with cloud security tools and services (e.g., AWS Security Hub, Azure Security Center, Google Cloud Security Command Center).
• Compliance, Vulnerability Management, and IT Governance
• Experience working under US Government compliance regimes (e.g., CMMC, NIST, DISA STIG) and ITIL/Change Review systems.
• Proficiency in vulnerability management systems (e.g., Tenable, Bringa) and CLI scanning tools (e.g., Trivy, OpenSCAP).
• Version Control, Networking, and Secure Communication
• Extensive experience with git-driven version control systems (e.g., GitHub, GitLab, Bitbucket).
• Strong understanding of networking concepts, encryption techniques, and secure communication protocols.
• Data and Analytics Expertise
• Experience with databases (e.g., PostgreSQL, SQLite) and data formats (e.g., Parquet, Arrow).
• Proficiency in analytics systems (e.g., PowerBI, Jupyter) and vendor-agnostic assessment engines (e.g., Cloud Custodian, Panther).

Nice To Haves

• Advanced degree in computer science, information technology, cybersecurity, or equivalent career experience
• Involvement with community cybersecurity organizations
• Experience with the following:
• AWS GovCloud / Azure GCC High
• CI/CD pipeline security
• Tier 2 cloud vendors
• Hybrid cloud engineering
• SAST and DAST testing
• Secrets management / vaults / HSMs
• Cloud incident response / forensics
• Log aggregators like Graylog, ELK, or Splunk

Responsibilities

• Design, implement, and maintain security controls for hybrid cloud-based environments, including infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and function as a service (FaaS) solutions.
• Design and develop custom automation in pursuit of cyber team objectives.
• Provide security support for internal and external design reviews related to security.
• Conduct security assessments and risk analyses to identify vulnerabilities and develop mitigation strategies for automated infrastructure such as public cloud, CI/CD pipelines, and agentic systems.
• Work with Infrastructure Operations to Implement and manage identity and access management (IAM) solutions to control access to cloud resources and applications.
• Develop documentation, plans, and proofs of concept for cybersecurity-related platform improvements.
• Configure and monitor cloud security tools and services.
• Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC), DevOps, and MLOps processes.
• Maintain systems to help the team stay up-to-date on emerging threats, vulnerabilities, and industry best practices related to DevSecOps/MLOps and recommend proactive measures to enhance security posture.
• Provide guidance and support to internal teams on security-related matters, including incident response, compliance, and security awareness training.
• Participate in regular security audits, assessments, and compliance reviews to ensure adherence to regulatory requirements and industry standards.

Benefits

• Employees may also receive company equity and access to a robust benefits package including: top tier medical HMO, PPO & a 100% company-sponsored medical HSA plan option, dental and vision coverage, 3 weeks paid vacation and 5 days sick leave per year, 11 paid holidays per year, flexible spending and dependent care savings accounts, paid parental leave, disability insurance, life insurance, and access to a 401(k) retirement plan with company match.
• Other perks include: Discounted employee stock purchase program, subsidized EV charging stations, onsite gym, food and drinks, and other discounts.